Description

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

Remediation

References

CVE-2005-2612

Related Vulnerabilities

WordPress Plugin W4 Post List Multiple Vulnerabilities (2.4.5)

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (4.9.2)

WordPress Plugin YITH WooCommerce Added to Cart Popup Security Bypass (1.3.11)

WordPress Plugin Easy Testimonial Manager SQL Injection (1.2.0)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13068)

Severity

High

Classification

CVE-2005-2612

Tags

Missing Update Known Vulnerabilities